nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 17:08:05 -05:00
Code Issues Projects Releases Wiki Activity

doc updates

Browse Source
This commit is contained in:
Per Allansson 2013-03-08 18:00:25 +01:00
parent f10f5d88ad
commit a4f4729bef
3 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ChangeLog
View File

@ -1,3 +1,14 @@
=== 1.5 (2013-03-XX)
- added support for signing MSI files (patch from Marc-André Lureau)
- calculate correct PE checksum instead of setting it to 0
(patch from Roland Schwingel)
- added support for extracting/removing/verifying signature on PE files
- fixed problem with not being able to decode timestamps with no newlines
- added stricter checks for PE file validity
- added support for reading keys from PVK files (requires OpenSSL 1.0.0 or later)
=== 1.4 (2011-08-12) === 1.4 (2011-08-12)
- improved build system (patch from Alon Bar-Lev) - improved build system (patch from Alon Bar-Lev)
@ -6,7 +17,6 @@
- added support for sha1/sha256 - default hash is now sha1 - added support for sha1/sha256 - default hash is now sha1
- added flag for commercial signing (default is individual) - added flag for commercial signing (default is individual)
=== 1.3.1 (2009-08-07) === 1.3.1 (2009-08-07)
- support signing of 64-bit executables (fix from Paul Kendall) - support signing of 64-bit executables (fix from Paul Kendall)

19
README
View File

@ -47,11 +47,12 @@ to do the signing with the Microsoft signcode.exe:
http://www.matthew-jones.com/articles/codesigning.html http://www.matthew-jones.com/articles/codesigning.html
To sign with osslsigncode you need the spc file mentioned To sign with osslsigncode you need the spc file mentioned in the
in the article above, and you will also need the private article above, and you will also need the private key, it must
key, but not as a pvk file - it must be a simple key file be a key file in DER or PEM format, or if osslsigncode was
on DER format or in PEM format. You can create a DER file compiled against OpenSSL 1.0.0 or later, in PVK format.
from the PEM file by doing:
. You can create a DER file from the PEM file by doing:
openssl rsa -passin pass:XXXXX -outform der \ openssl rsa -passin pass:XXXXX -outform der \
-in <pem-key-file> -out <der-key-file> -in <pem-key-file> -out <der-key-file>
@ -62,7 +63,13 @@ To sign an EXE or MSI file you can now do:
-n "Your Application" -i http://www.yourwebsite.com/ \ -n "Your Application" -i http://www.yourwebsite.com/ \
-in yourapp.exe -out yourapp-signed.exe -in yourapp.exe -out yourapp-signed.exe
or if you are using the PEM key file: or if you are using a PVK key file:
osslsigncode -spc <spc-file> -pvk <der-key-file> \
-n "Your Application" -i http://www.yourwebsite.com/ \
-in yourapp.exe -out yourapp-signed.exe
or if you are using a PEM key file:
osslsigncode -spc <spc-file> -key <der-key-file> -pass <pem-password> \ osslsigncode -spc <spc-file> -key <der-key-file> -pass <pem-password> \
-n "Your Application" -i http://www.yourwebsite.com/ \ -n "Your Application" -i http://www.yourwebsite.com/ \

8
TODO
View File

@ -1,9 +1,11 @@
- tool for extracting/removing the signature - page hashing support
- RFC3161 timestamping
- signature extraction/removal/verificaton on MSI/CAB files
- improved signature verification on PE files
- clean up / untangle code
- separate timestamping - separate timestamping
- man page - man page
- verify signatures
- remove mmap usage to increase portability - remove mmap usage to increase portability
- tests - tests
- fix other stuff marked 'XXX' - fix other stuff marked 'XXX'
- free memory properly :) - free memory properly :)